To maintain report library security, by default, only users who have the role of administrator can generate or view reports in the root library folder. Other users and groups must be granted permission to view, create, edit and delete an item in the report library. You must have the role of administrator to grant or modify these user and group permissions. For more information about how to change user and group permissions to the report library, see Change report library permissions .
Because all users are assigned to the Publicfolder, the administrator can change the default location of generated reports to be the Publicfolder, instead of granting various permissions to each user and group for access to the report library folder. For more information, see Everyone group and Public folder .
For more information about what a user may see in the report library at different security levels, see MSDN Blog (Dynamics Corporate Performance Management).
Security and user groups
When validating a user’s access to a folder or report, the user’s group memberships are considered. For example, if you grant access to a report in the library to a group, and then later add users to the group, the new users will gain access to the existing report. Alternatively, if a user is removed from a group, that user will no longer have access to the report that is provided by the security group. For more information about how to add and delete users and groups, see Manage users and Manage user groups .
Everyone group and Public folder
By default, new users are added to the Everyonegroup. This is a system group and cannot be modified. There is also a Publicfolder that can be accessed by all users who are included in the Everyonegroup. By default, generated reports are sent to the report library. Users can change to this public folder location to generate reports because all users have access to it. If the Publicfolder is not used, it can be renamed or deleted.
Granting permissions
A user with the role of administrator can grant a user or a group permissions to all of the report library, or permissions to specific folders, reports, report versions, or external documents. If you grant permissions to all of the report library, those permissions cascade down into all folders, reports, and external documents in the report library. Similarly, if you grant permissions to a folder, those permissions cascade down into the subfolders, reports, report versions, and external documents for the folder.
Access to some menu commands in Report Viewer requires a combination of the correct Management Reporter role and the correct permission on the folder in the report library.
By default, the report library and all its folders and subfolders are visible to all Management Reporter users. Even though all users can see the names of all folders and subfolders in the report library, users can open and view only the reports and documents that they have view permissions for.
For reporting trees, report library security works together with unit security. For example, if you grant user permissions to individual units in a reporting tree in Report Designer, that user is automatically granted permission to that report in the report library. In other words, if you grant permissions to a reporting tree in Report Designer, you do not have to grant those permissions again after the report is generated.
For details about how to change user and group permissions, see Change report library permissions .
Show Inherited Permissions option
The Report Library Permissionsdialogue box, which an administrator modifies to grant user and group view, edit, create, and delete permissions to report library objects, has an option called Show inherited permissions. This option shows or hides permissions that are inherited by the selected item, such as a report library folder, report, report version, or external document.
When the Show inherited permissionsoption is not selected, only permissions granted specifically for the selected object appear.
When the Show inherited permissionsoption is selected, permissions granted specifically for the selected report or item appear, in addition to permissions that have been inherited from a group, role, or folder. If permission is inherited from more than one folder, each folder location is displayed separately. For more information about how to access the Report Library Permissionsdialogue box, see Change report library permissions .